November 12, 2023 at 06:56PM LockBit ransomware has leaked more than 43GB of files stolen from Boeing after the aerospace company refused to pay the ransom. The leaked data includes backups for various systems, with the most recent files dated October 22. LockBit had warned Boeing about the leak and threatened to publish a sample … Read more
November 10, 2023 at 02:59PM Hackers have been targeting healthcare organizations in the U.S. by abusing the ScreenConnect remote access tool. The attacks involve installing additional remote access tools to ensure persistent access to the environments. The attacks were observed between October 28 and November 8, 2023, and the same actor is behind all incidents. … Read more
November 9, 2023 at 06:16PM Malicious Python packages masquerading as code obfuscation tools are targeting developers through the PyPI code repository. Known as “BlazeStealer,” the malware can steal data, launch keyloggers, encrypt files, and execute commands. Hackers target developers engaged in code obfuscation due to the valuable and sensitive information they work with. BlazeStealer is … Read more
November 2, 2023 at 10:11AM Password reuse is a dangerous vulnerability that IT teams struggle to detect. According to a TechRepublic survey, 53% of people admit to reusing passwords, making it easier for hackers to gain access. Verizon estimates that 86% of attacks start with compromised credentials. Organizations need to take steps to mitigate this … Read more
October 28, 2023 at 02:18PM The Clark County School District (CCSD) in Nevada is dealing with a potentially massive data breach. Hackers gained access to the district’s email servers and allegedly stole personal information related to students, parents, and employees. CCSD disabled external access to its Google Workspace and reset all student passwords. The hackers, … Read more
October 26, 2023 at 12:57PM Hackers at the Pwn2Own Toronto 2023 competition earned a total of $350,000 in rewards on the second day. Devices such as NAS devices, printers, smart speakers, mobile phones, and routers were successfully exploited. The highest reward of $100,000 went to Chris Anastasio for vulnerabilities in the P-Link Omada Gigabit router … Read more
October 23, 2023 at 03:41PM Hackers breached the University of Michigan’s network in August, accessing systems with information belonging to students, applicants, alumni, donors, employees, patients, and research study participants. The unauthorized access lasted from August 23-27, and the data exposed included personal, financial, and medical details. The university detected the suspicious activity and isolated … Read more
October 17, 2023 at 07:12AM Cisco has issued a warning about a zero-day vulnerability, CVE-2023-20198, affecting its IOS XE software. The vulnerability allows remote attackers to gain privileged access and take control of devices, potentially modifying network routing rules and exfiltrating data. Cisco has observed active exploitation of the vulnerability and is working on a … Read more
October 12, 2023 at 09:59AM Former Uber CISO Joseph Sullivan’s lawyers have argued in an appeal that his conviction for charges related to a 2016 data breach should not stand as it threatens bug bounty programs. They describe the verdict as “profoundly flawed” and claim that it jeopardizes the valuable tool used by security teams … Read more